Vulnerabilities (CVE)

Filtered by CWE-416
Total 4315 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-36971 1 Linux 1 Linux Kernel 2024-06-12 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_cache, then call dst_release(old_dst). Note that sk_dst_reset(sk) is implementing this protocol correctly, while __dst_negative_advice() uses the wrong order. Given that ip6_negative_advice() has special logic against RTF_CACHE, this means each of the three ->negative_advice() existing methods must perform the sk_dst_reset() themselves. Note the check against NULL dst is centralized in __dst_negative_advice(), there is no need to duplicate it in various callbacks. Many thanks to Clement Lecigne for tracking this issue. This old bug became visible after the blamed commit, using UDP sockets.
CVE-2024-32974 1 Envoyproxy 1 Envoy 2024-06-12 N/A 7.5 HIGH
Envoy is a cloud-native, open source edge and service proxy. A crash was observed in `EnvoyQuicServerStream::OnInitialHeadersComplete()` with following call stack. It is a use-after-free caused by QUICHE continuing push request headers after `StopReading()` being called on the stream. As after `StopReading()`, the HCM's `ActiveStream` might have already be destroyed and any up calls from QUICHE could potentially cause use after free.
CVE-2024-30080 1 Microsoft 13 Windows 10 1507, Windows 10 1607, Windows 10 1809 and 10 more 2024-06-12 N/A 9.8 CRITICAL
Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
CVE-2024-34362 1 Envoyproxy 1 Envoy 2024-06-12 N/A 5.9 MEDIUM
Envoy is a cloud-native, open source edge and service proxy. There is a use-after-free in `HttpConnectionManager` (HCM) with `EnvoyQuicServerStream` that can crash Envoy. An attacker can exploit this vulnerability by sending a request without `FIN`, then a `RESET_STREAM` frame, and then after receiving the response, closing the connection.
CVE-2024-4610 1 Arm 2 Bifrost Gpu Kernel Driver, Valhall Gpu Kernel Driver 2024-06-11 N/A 5.5 MEDIUM
Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver allows a local non-privileged user to make improper GPU memory processing operations to gain access to already freed memory.This issue affects Bifrost GPU Kernel Driver: from r34p0 through r40p0; Valhall GPU Kernel Driver: from r34p0 through r40p0.
CVE-2024-30102 2024-06-11 N/A 7.3 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30101 2024-06-11 N/A 7.5 HIGH
Microsoft Office Remote Code Execution Vulnerability
CVE-2024-30089 2024-06-11 N/A 7.8 HIGH
Microsoft Streaming Service Elevation of Privilege Vulnerability
CVE-2024-30086 2024-06-11 N/A 7.8 HIGH
Windows Win32 Kernel Subsystem Elevation of Privilege Vulnerability
CVE-2024-30082 2024-06-11 N/A 7.8 HIGH
Win32k Elevation of Privilege Vulnerability
CVE-2024-30062 2024-06-11 N/A 7.8 HIGH
Windows Standards-Based Storage Management Service Remote Code Execution Vulnerability
CVE-2024-21399 1 Microsoft 1 Edge Chromium 2024-06-11 N/A 8.3 HIGH
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
CVE-2024-21385 1 Microsoft 1 Edge Chromium 2024-06-11 N/A 8.3 HIGH
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2024-21326 1 Microsoft 1 Edge Chromium 2024-06-11 N/A 9.6 CRITICAL
Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability
CVE-2022-43716 1 Siemens 48 Simatic Cp 1242-7 V2, Simatic Cp 1242-7 V2 Firmware, Simatic Cp 1243-1 and 45 more 2024-06-11 N/A 7.5 HIGH
A vulnerability has been identified in SIMATIC CP 1242-7 V2 (6GK7242-7KX31-0XE0) (All versions), SIMATIC CP 1243-1 (6GK7243-1BX30-0XE0) (All versions), SIMATIC CP 1243-1 DNP3 (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-1 IEC (incl. SIPLUS variants) (All versions), SIMATIC CP 1243-7 LTE EU (6GK7243-7KX30-0XE0) (All versions), SIMATIC CP 1243-7 LTE US (6GK7243-7SX30-0XE0) (All versions), SIMATIC CP 1243-8 IRC (6GK7243-8RX30-0XE0) (All versions), SIMATIC CP 1542SP-1 (6GK7542-6UX00-0XE0) (All versions < V2.3), SIMATIC CP 1542SP-1 IRC (6GK7542-6VX00-0XE0) (All versions < V2.3), SIMATIC CP 1543SP-1 (6GK7543-6WX00-0XE0) (All versions < V2.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE0) (All versions < V3.3), SIMATIC CP 443-1 (6GK7443-1EX30-0XE1) (All versions < V3.3), SIMATIC CP 443-1 Advanced (6GK7443-1GX30-0XE0) (All versions < V3.3), SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL (6AG2542-6VX00-4XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC (6AG1543-6WX00-7XE0) (All versions < V2.3), SIPLUS ET 200SP CP 1543SP-1 ISEC TX RAIL (6AG2543-6WX00-4XE0) (All versions < V2.3), SIPLUS NET CP 1242-7 V2 (6AG1242-7KX31-7XE0) (All versions), SIPLUS NET CP 443-1 (6AG1443-1EX30-4XE0) (All versions < V3.3), SIPLUS NET CP 443-1 Advanced (6AG1443-1GX30-4XE0) (All versions < V3.3), SIPLUS S7-1200 CP 1243-1 (6AG1243-1BX30-2AX0) (All versions), SIPLUS S7-1200 CP 1243-1 RAIL (6AG2243-1BX30-1XE0) (All versions), SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) (All versions < V2.3.6), TIM 1531 IRC (6GK7543-1MX00-0XE0) (All versions < V2.3.6). The webserver of the affected products contains a vulnerability that may lead to a denial of service condition. An attacker may cause a denial of service situation which leads to a restart of the webserver of the affected product.
CVE-2024-4418 2024-06-11 N/A 6.2 MEDIUM
A race condition leading to a stack use-after-free flaw was found in libvirt. Due to a bad assumption in the virNetClientIOEventLoop() method, the `data` pointer to a stack-allocated virNetClientIOEventData structure ended up being used in the virNetClientIOEventFD callback while the data pointer's stack frame was concurrently being "freed" when returning from virNetClientIOEventLoop(). The 'virtproxyd' daemon can be used to trigger requests. If libvirt is configured with fine-grained access control, this issue, in theory, allows a user to escape their otherwise limited access. This flaw allows a local, unprivileged user to access virtproxyd without authenticating. Remote users would need to authenticate before they could access it.
CVE-2021-47571 1 Linux 1 Linux Kernel 2024-06-10 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.
CVE-2024-36932 1 Linux 1 Linux Kernel 2024-06-10 N/A 5.5 MEDIUM
In the Linux kernel, the following vulnerability has been resolved: thermal/debugfs: Prevent use-after-free from occurring after cdev removal Since thermal_debug_cdev_remove() does not run under cdev->lock, it can run in parallel with thermal_debug_cdev_state_update() and it may free the struct thermal_debugfs object used by the latter after it has been checked against NULL. If that happens, thermal_debug_cdev_state_update() will access memory that has been freed already causing the kernel to crash. Address this by using cdev->lock in thermal_debug_cdev_remove() around the cdev->debugfs value check (in case the same cdev is removed at the same time in two different threads) and its reset to NULL. Cc :6.8+ <stable@vger.kernel.org> # 6.8+
CVE-2021-47520 1 Linux 1 Linux Kernel 2024-06-10 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call netif_receive_skb(skb). Reordering the lines solves the issue.
CVE-2021-47521 1 Linux 1 Linux Kernel 2024-06-10 N/A 7.8 HIGH
In the Linux kernel, the following vulnerability has been resolved: can: sja1000: fix use after free in ems_pcmcia_add_card() If the last channel is not available then "dev" is freed. Fortunately, we can just use "pdev->irq" instead. Also we should check if at least one channel was set up.